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DETAILED ACTION 
Response to Arguments 

1 . Applicant's arguments, see page 2 of the Remarks/Arguments, filed February 22, 
2005, with respect to the rejection{s) of claim(s) 1-14 under 103(a) have been fully 
considered and are persuasive. Therefore, the rejection has been withdrawn. 
However, upon further consideration, a new ground(s) of rejection is made in view of 
Aura and Trostle. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 1 03(a). 
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4. Claims 1-14 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Tuomas Aura et al., DOS-resistant Authentication with Client Puzzles (hereafter referred 
to as Aura) in view of Trostle, USPN 5.919,257 (hereafter referred to as Trostle). 

5. Regarding claim 1 , Aura taught a system for controlling access to a resource of a 
computer system (column 2. lines 45-53), comprising: 

a database of problems (page 5, "The server stores the values C, Ns Nc as long 
as it still considers the nonce Ns recent."); 

a problem retriever that responds to a request from a client for access to said 
resource by retrieving one of said problems and transmitting said one of said problems 
to said client (page 4, To create new puzzles, the server periodically generates a nonce 
Ns and sends it to client. "), and 

a solution evaluator that, upon receiving a putative solution from said client, 
validates said putative solution and. if said putative solution is valid, grants said client 
access to said resource (page 5, "The server verifies the client* s solution to the puzzle 
by computing the hash and, only after seeing that it is correct verifies the signature and 
continues with the last message of the authentication."). Aura does not specifically 
teach the database including corresponding pre-calculated solutions and employing 
said database. However. Trostle taught a database including corresponding pre- 
calculated solutions and employing the database (column 7, lines 3-10). It would have 
been obvious to one of ordinary skill in the art at the time the invention was made that 
incorporating Trestle's database of pre-calculated solutions in Aura's protocol for 
providing DOS-resistant authentication would have been an equivalent mechanism for 
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providing solution verification. The nnotivation would have been because a desirable 
alternative to perfornning the hash function is to lookup the hash values in a database. 

6. Regarding dependent claim 2, Aura taught said problems comprise outputs and 
portions of corresponding inputs to a one-way function (page 3, "The puzzle we use is 
the brute- force reversal of a one-way function such as MD5 or SHA."). 

7. Regarding dependent claim 3, Aura taught said one-way function is a Message 
Digest-5 function (page 3, "The puzzle we use is the brute- force reversal of a one-way 
function such as MD5 or SHA"). 

8. Regarding dependent claim 4, Aura taught said problem retriever replaces said 
one of said problems and a corresponding one of said solutions when said putative 
solution is valid (page 5, "The server verifies the client's solution to the puzzle by 
computing the hash and, only after seeing that it is correct verifies the signature and 
continues with the last message of the authentication."). 

9. Regarding dependent claim 5, Aura taught said problem retriever replaces said 
one of said problems and a corresponding one of said solutions only when said putative 
solution is valid (page 5, "The server verifies the client's solution to the puzzle by 
computing the hash and, only after seeing that it is correct verifies the signature and 
continues with the last message of the authentication."). 

10. Regarding dependent claim 6, Aura taught said solution evaluator grants said 
client access to said resource by allocating memory associated with said resource to 
serve said client (page 1 , "In this paper, we advocate the design principle that the client 
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should always commit its resources to the authentication protocol first and the server 
should be able to verify the client commitment before allocating its own resources"), 

1 1 . Regarding dependent claim 7, Aura taught said resource is selected from the 
group consisting of: a network server (page 1, "In this paper, we advocate the design 
principle that the client should always commit its resources to the authentication 
protocol first and the server should be able to verify the client commitment before 
allocating its own resources"), an electronic mail server, and a main database. 

12. The language of claims 8-14 is substantially the same as previously rejected 
claims 1-7. Therefore, claim 8-14 are rejected on the same rationale as previously 
rejected claims 1-7, supra. 

Conclusion 

13. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

14. Rose et al., USPN 6,944,765: a method of enabling a provider to authenticate 
users including the steps of constructing a in response to information received from 
user, sending to the user; and returning a solution to the puzzle to the provider. 

1 5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Patrice Winder whose telephone number is 571-272- 
3935. The examiner can normally be reached on Monday-Friday, 10:30 am-7:00 pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jason Car done can be reached on 571-272-3933. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status infornnation for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free)^ 
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Primary Examiner 
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